-
Affected program versions

-
Vulnerability discussion

A vulnerability exists in the way GNU make handles Makefile contents fed to it via standard input. GNU make will create files in /tmp without checking whether they already exist or whether they are in fact symbolic links. A would-be attacker could simply create an appropriately named symbolic link and point it elsewhere on the file system. In turn, they could create files owned by the user running make. If this user is root, it would be possible to obtain root privilege.
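The flawed file-creation pattern described above, next to two hardened forms, as an added C example (not code from GNU make or from the advisory). The function names, the scratch directory and the file name `predictable.tmp` are assumptions made for the illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Flawed pattern: no existence check, so a pre-existing symlink is followed. */
int open_tmp_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: with O_CREAT|O_EXCL, open() fails with EEXIST if the name
 * already exists, including when it is a symlink (dangling or not). */
int open_tmp_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Preferred: mkstemp() picks an unpredictable name and creates it
 * exclusively with mode 0600. tmpl must end in "XXXXXX". */
int open_tmp_mkstemp(char *tmpl) { return mkstemp(tmpl); }

/* Constructed scenario inside a private scratch directory: a symlink with
 * the predictable name already exists. Returns a bitmask:
 *   bit 0: the unsafe open created the file the link points to
 *   bit 1: the safe open was refused with EEXIST */
int demo(void) {
    char dir[] = "/tmp/mkdemoXXXXXX", link[64], target[64];
    struct stat st;
    int fd, result = 0;
    if (!mkdtemp(dir)) return -1;
    snprintf(link, sizeof link, "%s/predictable.tmp", dir); /* hypothetical */
    snprintf(target, sizeof target, "%s/elsewhere", dir);
    if (symlink(target, link) != 0) return -1;

    fd = open_tmp_safe(link);
    if (fd < 0 && errno == EEXIST) result |= 2;
    if (fd >= 0) close(fd);

    fd = open_tmp_unsafe(link);
    if (fd >= 0) close(fd);
    if (stat(target, &st) == 0) result |= 1;

    unlink(target); unlink(link); rmdir(dir);
    return result;
}

int main(void) { printf("demo() = %d\n", demo()); return 0; }
```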

-
Exploit

x

-
Solution

Patches are available from SuSE at:
ftp://ftp.suse.com/pub/suse/i386/update for Intel processors
ftp://ftp.suse.com/pub/suse/axp/update for Alpha processors
or try the following web pages for a list of mirrors:
http://www.suse.de/ftp.html
http://www.suse.com/ftp_new.html
SuSE Patch page:
http://www.suse.de/patches/index.html

Patches are available from Debian. From their advisory:
http://security.debian.org/dists/stable/updates/source/make_3.77.orig.tar.gz
MD5 sum: b8264b1f8579d810a6de5db634aeafe4